Home

Download

Order

Support

?

Greatis Software support expert detected suspicious file in the user's system report file. This file is generated by free Greatis Software Reanimator software.

It was the "c:\windows\system32\ntsystem.exe". This file was registered in the "Run" startup keys as "gwiz".

But after successful Windows loading we got "ntsystem.exe" again.

Catty asked a user for getting "xpbootlog.txt" report made by Greatis Software Bootlog XP tool. We analyzed received "xpbootlog.txt" and found the strange file: NTOSKRNL.DLL.

After that we opened xpbootlog.txt using Bootlog XP software.

We found that the DLL was loaded by Winlogon. NTOSKRNL.DLL is registered as Winlogon Notification DLL.

NTOSKRNL.DLL is a user mode rootkit. It hides its presence in the registry and in the loaded modules listing.

You could not delete it using standard Windows deletion methods.

1. Download our special software:
   RegRun Reanimator
   Unzip it to any folder on your hard drive.
   
2. Open Reanimator.exe. Open "Reanimator" menu, "Execute Reanimator Job". Choose "ntsystem.rnr" file. "NTSYSTEM.RNR" job contains the procedure for activating RegRun Partizan and deleting the ntsystem.exe and ntoskrnl.dll at reboot.

   You will see the "RegRun Partizan" on the Windows blue boot screen in the same moment when Windows checking hard drives.

   Look at the messages on the screen to be sure that the dangerous files are deleted.

3. Restart your computer. Open Reanimator and choose "Scan for Viruses" to be sure that it is complete.
4. Visit our Support center if you have any questions.
   Open a support ticket and attach your detailed system report made by RegRun Reanimator.
5. To remove Partizan from your computer, open Reanimator.exe, go to the "Features", "Partizan".
   Click on the "Remove" button.

Suggest you to use RegRun Platinum Edition to be sure that your rootkit's clear!

Good luck!

Dmitry Sokolov

I am a senior citizen who is trying to learn as much as I can about computers in my retirement. On September 6, 2006 I received a NTSYSTEM.EXE file that I could not delete, caused numerous popups on my computer, and caused me great concern and four (4) full days of research before seeing your website offering a solution to the problem. Keep in mind I have Dell, Microsoft and McAfee security measures in operation on my computer. You suggest that people infected with the above malicious file download and run your RegRun Animator. I took your suggestion. To my great surprise and pleasure, the associated files were gone in a matter of minutes. Not only that, your RegRun Animator helped me delete other unwanted files. My hats off to you. I can now go about the business for which I bought my computer without interruption. Thank you, and thank you again.

Jack Nelson

Would you like to add your opinion?